Bitcoin Q&A: The QuadrigaCX scandal and counterparty risk


Christina asks, “Regarding the matter of QuadrigaCX
and the funds lost, as the owner died holding the keys, can you see this affecting encryption and regulation?”
This is an interesting question, Christina. QuadrigaCX is a Canadian exchange that
recently went into bankruptcy proceedings, in order to protect itself legally while it tries
to find [a way to] pay back its customers. The story at the moment, as far as we know, is that
the owner of the exchange had sole control over keys… to the cold storage, which is long-term storage of
[cryptocurrency] that is offline for security reasons. [Allegedly], the owner of QuadrigaCX was
the only person with access to these keys. They died recently.
As a result, those keys are now “lost.” It appears they were stored on an encrypted laptop. This is a perfect example of the risks
[around] third-party custody over keys. I’ve used an expression many times. You have
probably heard it being chanted as a mantra: not your keys, not your coins,
or not your keys, not your bitcoin. Not your keys, not your crypto. The idea is, you should be very careful with
trusting third parties to hold your money. This applies to any domain of money, but
it applies especially to [cryptocurrencies]… because it is easier to steal or lose bitcoin and other
cryptocurrencies when you put it all in one place, under the control of one person. Bitcoin maintains its security through decentralization.
In order to rob a thousand people, you would need to… break into a thousand wallets on different computers,
which are on mobile, desktop, or hardware wallets, etc. That is very difficult to do. Essentially, you
would need to pull off a thousand heists. But if those one thousand people deposit their
crypto with one person who controls all the keys, now you only need to hack or lose one wallet to get one
set of keys, and those thousand people lose their money. This is exactly what has happened in this case.
How does it affect encryption and regulation? It doesn’t really change anything about either
of those categories. Arguably, as I said in… my testimony to the Canadian Senate, it is important
to [be skeptical of] institutions that hold bitcoin… on behalf of other people in custodial
accounts, in a very similar way to banks. We should put them under the same type of scrutiny.
They concentrate risk when they have control… over people’s funds, significant risks to resilience. [There should be] contingency planning,
disaster recovery, and business continuity… in the event of a founders death, theft, or hacking. Reserves [should be audited regularly to determine]
whether they actually have the money they claim to. As I have suggested, regulating the decentralized
control of [cryptocurrency] keys is unnecessary. Regulating the centralized control of keys is necessary
and something the government should be doing, but of course in the space
there is a lot of sloppy security. Hopefully, this doesn’t change encryption or regulation,
but it teaches people the lesson that apparently… needs to be told again and again,
when exchanges fail again and again. People [need to] learn the fundamental lesson of
not trusting third parties with their cryptocurrency.

Leave a Reply

Your email address will not be published. Required fields are marked *